HTTPS with Indy HTTP Server?  
News Group: embarcadero.public.delphi.language.delphi.general

Hello

I would like to know if there are any examples of building an HTTP server with HTTPS using the TIdHTTPServer component.

We currently implement our webserver and REST API server using TIdHTTPServer, and some customers are requesting support for HTTPS, which I don't even know how to make, and I have no idea of how the certify works.

Thanks!

Date Posted: 24-Jun-2013, at 5:55 PM EST
From: Eric Fleming Bonilha
 
Re: HTTPS with Indy HTTP Server?  
Remy

I'm getting some errors when connecting with my browser to my web server with SSL:

Error accepting connection with SSL: SSL3_GET_CLIENT_HELLO:no shared cipher
Error accepting connection with SSL: SSL3_GET_CLIENT_HELLO:wrong version number
EOF was observed that violates the protocol

I'm connecting with HTTPS but... what could cause these issues?

Date Posted: 26-Jun-2013, at 9:51 AM EST
From: Eric Fleming Bonilha
 
Re: HTTPS with Indy HTTP Server?  
> That means OpenSSL and the web browser could not negotiate a common encryption 
> cipher to use for the session.  Chances are, you may be using a version of 
> the OpenSSL DLLs that has a limited amount of ciphers enabled, or you used 
> the TIdSSLIOHandlerSocketOpenSSL.SSLOptions.CipherList property to disable 
> ciphers that the web browser uses.

Hum, I thought about that and I have downloaded the latest version of OpenSSL for Windows. I copied the DLL files into my application folder and I'm still getting that message.
CipherList is default (blank), and I checked your code: if it is blank you set up some ciphers... I also tried "ALL" and some other strings that I found on the internet, with no luck.

> That means the web browser is trying to connect using an SSL/TLS version 
> that your server is not configured to accept.  The TIdSSLIOHandlerSocketOpenSSL.SSLOptions.SSLVersions 
> property controls which SSL/TLS versions are allowed.  It defaults to TLS 
> v1.0, which means that clients would only be able to connect using TLS v1.0 
> specifically.  If you want to allow other versions (SSL v2, SSL v3, TLS v1.1, 
> TLS v1.2), you will have to update the SSLVersions property as needed.  
> Stay away from SSL v2, it is old and no longer secure, but you can try enabling 
> SSL v3 and TLS v1.1, at least.

Humm, I figured that after I posted. I selected support for SSL and now I'm just getting the message of ciphers.

Date Posted: 26-Jun-2013, at 2:06 PM EST
From: Eric Fleming Bonilha
 
Re: HTTPS with Indy HTTP Server?  
Remy

I got it working

But I had to create a PEM certify file

I don't understand anything about certifies... I need to implement SSL for my customer, so, how does it work? Do I have to purchase some certification or something in order to have a valid certification?

Date Posted: 26-Jun-2013, at 2:43 PM EST
From: Eric Fleming Bonilha
 
Re: HTTPS with Indy HTTP Server?  
Thank you Remy

I'm trying to make it work, but at this moment I'm getting a lot of errors when connecting, like no cipher and other stuff. I think it might be related to the OpenSSL libraries; I'm trying to figure it out.

But I would like to ask you if OpenSSL only works for Win32 or will it work with Win64?

Date Posted: 26-Jun-2013, at 9:44 AM EST
From: Eric Fleming Bonilha
 
Re: HTTPS with Indy HTTP Server?  
> But I had to create a PEM certify file
> I don't understand anything about certifies... I need to implement SSL for my customer, so, how does it work? Do I have to purchase some certification or something in order to have a valid certification?

How did you create the PEM certificate file exactly? 

You basically have 2 options - use openssl to be your own certificate authority (CA) and issue your own certificates (if you google, there is tons of info on using openssl for self-signed certificates - and you likely did just that). The only downside is that by default it would not be trusted, and clients using your REST service would have to handle the untrusted certificate issue (or add your CA cert to their local certificate store).

The easier option would likely be to just buy an SSL certificate from a well-known CA - Comodo sells them for $15 per year per host and even has a 90-day free trial you can get first to make sure it works.

Raul

Date Posted: 26-Jun-2013, at 4:06 PM EST
From: Raul Sinimae
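
A minimal HTTPS setup for TIdHTTPServer that ties together the settings discussed in this thread (PEM certificate and key, allowed protocol versions, cipher list), added here as an example and not code from any poster. The PEM file names and the port are placeholders, the private key is assumed to be unencrypted, and TIdServerIOHandlerSSLOpenSSL is the server-side handler that carries the same SSLOptions named in the quoted reply.

```delphi
program HttpsServerExample;

{$APPTYPE CONSOLE}

uses
  SysUtils, IdGlobal, IdContext, IdCustomHTTPServer, IdHTTPServer, IdSSLOpenSSL;

type
  TServerEvents = class
    procedure QuerySSLPort(APort: TIdPort; var VUseSSL: Boolean);
    procedure CommandGet(AContext: TIdContext;
      ARequestInfo: TIdHTTPRequestInfo; AResponseInfo: TIdHTTPResponseInfo);
  end;

procedure TServerEvents.QuerySSLPort(APort: TIdPort; var VUseSSL: Boolean);
begin
  // Wrap only the HTTPS port in TLS; other bindings would stay plain HTTP.
  VUseSSL := (APort = 443);
end;

procedure TServerEvents.CommandGet(AContext: TIdContext;
  ARequestInfo: TIdHTTPRequestInfo; AResponseInfo: TIdHTTPResponseInfo);
begin
  AResponseInfo.ContentText := 'Hello over TLS';
end;

var
  Server: TIdHTTPServer;
  SSL: TIdServerIOHandlerSSLOpenSSL;
  Events: TServerEvents;
begin
  Events := TServerEvents.Create;
  Server := TIdHTTPServer.Create(nil);
  try
    SSL := TIdServerIOHandlerSSLOpenSSL.Create(Server); // owned by Server
    // Without a certificate and key the server has no certificate-based
    // cipher suites to offer, and browsers fail with "no shared cipher".
    SSL.SSLOptions.CertFile := 'server-cert.pem';  // placeholder path
    SSL.SSLOptions.KeyFile := 'server-key.pem';    // placeholder path
    // The default is TLS 1.0 only; clients on another version get
    // "wrong version number". SSLv2/SSLv3 are left disabled here.
    SSL.SSLOptions.SSLVersions := [sslvTLSv1_2];
    // CipherList is left blank so Indy applies its default cipher string.
    Server.IOHandler := SSL;
    Server.DefaultPort := 443;
    Server.OnQuerySSLPort := Events.QuerySSLPort;
    Server.OnCommandGet := Events.CommandGet;
    Server.Active := True;
    Writeln('HTTPS server running; press Enter to stop.');
    Readln;
  finally
    Server.Free;
    Events.Free;
  end;
end.
```

The OpenSSL DLLs must match the bitness of the executable, and older clients the deployment must support can be admitted by adding `sslvTLSv1_1` or `sslvTLSv1` to the `SSLVersions` set.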